Savant 3.0 web server vulnerability

[Phiber <phiber () xatrix org>]

Vendor Name: Savant
Product: Savant 3.0 web server
Discoverd by: Xatrix
Url: www.xatrix.org

1. About software

Savant web server has been written by Michael Lamont
(http://savant.sourceforge.com) it is very configurable freeware
http deamon for win95/98. It's current version is 3.0

2.  Full Detail

It is known that you can crash Savant web server 2.1 and 2.0 by sending
something like this '%00'(that was discoverd by Ussr), and it was fixed
in version 3.0 but something like that is still present in 3.0; by sending
something like (e.g.)

    www.web_server_that_runs_on_SAVANT.com/%%%

web server can be crashed.

3. Closing word

I hope that vendor will proved patch,or meybe release new version of
web server which will be immune to this type of DoS.
Hello goes to Ussr team for discovering this problem long time ago ...


"Stay informed, visit XatriX security"
  >> www.xatrix.org <<